A common challenge for service accounts, after the first install, is that their passwords are "known" to many team members or may become "stale" with regard to internal governance policies.
The enclosed deck (PDF) outlines the list of service accounts, the location of the password hash, the separation of duties (SOD) and functionality performed by each service account (this assumes a single ID was not used), and a primary method to update the password. Where possible, a secondary method is also offered in case there are any issues with the primary method.
Also enclosed is a process to force a workstation/laptop to a particular ADS DC, for testing the CA IM AD Reverse Password Sync Agent on selected DCs from one workstation. This allows full unit testing against each DC.
Edit: 4/23/2018 Moving location for better view for all resources, clients, & partners.